Protecting and securing information communicated between computing devices is a requirement that is well acknowledged by the computing industry. As known in the art, an attacker that gains access to sensitive or personal data may cause extreme damage. The need to authenticate devices is critical in enforcing security of information.
Known systems and methods use encryption to secure and protect communicated data, and use credentials (e.g., user name and password) to authenticate devices or users. However, known systems and methods suffer from a few drawbacks. For example, some systems and methods use a certificate authority that, if hacked, may fail to provide security. Other examples include a hacker who obtains credentials such as a user name and password and can use the credentials to authenticate himself to a computer, device or system; an eavesdropper who manages to obtain an encryption key and can decrypt encrypted data; and an adversary or malicious entity who manages to capture one or more decrypted messages and may then decipher the encrypted messages.
For example, some known systems and methods use a public key infrastructure (PKI) that includes a set of rules and procedures used to create and distribute digital certificates that are used to authenticate, or confirm identities of, parties involved in a communication. Specifically, a registration authority (RA) accepts requests for digital certificates and authenticates entities.
Accordingly, PKI-based systems and methods do not scale easily, since the load on an RA increases as the number of devices in a system grows. For example, known systems and methods are unable to meet the challenges posed by the introduction of Internet of Things (IoT) devices and systems, where extremely large numbers of devices need to be authenticated.
Yet another drawback is the fact that, if a key issued by an RA to sign certificates is stolen or otherwise obtained by a hacker, then all certificates of the RA are immediately rendered useless. Further aggravating the problem associated with known systems and methods is the fact that an RA is a single point of failure.